mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-02-17 21:34:17 -05:00
Andrew David Wong
commit
a504271fb3
@ -12,9 +12,9 @@ redirect_from:
|
|||||||
Debian template(s)
|
Debian template(s)
|
||||||
===============
|
===============
|
||||||
|
|
||||||
If you like to use Debian Linux distribution in your AppVMs, you can install one of available Debian templates.
|
If you would like to use Debian Linux distribution in your qubes, you can install one of the available Debian templates.
|
||||||
|
|
||||||
Updates for this template are provided by ITL and are signed by this key:
|
Updates for these templates are provided by ITL and are signed by this key:
|
||||||
|
|
||||||
pub 4096R/47FD92FA 2014-07-27
|
pub 4096R/47FD92FA 2014-07-27
|
||||||
Key fingerprint = 2D43 E932 54EE EA7C B31B 6A77 5E58 18AB 47FD 92FA
|
Key fingerprint = 2D43 E932 54EE EA7C B31B 6A77 5E58 18AB 47FD 92FA
|
||||||
@ -28,7 +28,7 @@ which is also integrity-protected using signed git tags.
|
|||||||
Install
|
Install
|
||||||
-------
|
-------
|
||||||
|
|
||||||
It can be installed via the following command:
|
Templates can be installed with the following command:
|
||||||
|
|
||||||
Debian 7 (wheezy) - old stable:
|
Debian 7 (wheezy) - old stable:
|
||||||
|
|
||||||
@ -54,6 +54,42 @@ reboot should "just work."
|
|||||||
Known issues
|
Known issues
|
||||||
------------
|
------------
|
||||||
|
|
||||||
|
###Starting services
|
||||||
|
|
||||||
|
|
||||||
|
The Debian way (generally) is to start daemons if they are installed.
|
||||||
|
This means that if you install (say) ssh-server in a template, *all* the qubes that use that template will run a ssh server when they start. (They will, naturally, all have the same server key.) This may not be what you want.
|
||||||
|
|
||||||
|
So be very careful when installing software in Templates - if the daemon spawns outbound connections then there is a serious security risk.
|
||||||
|
|
||||||
|
In general, a reasonable approach would be, (using ssh as example):
|
||||||
|
- Install the ssh service.
|
||||||
|
- systemctl stop ssh
|
||||||
|
- systemctl disable ssh
|
||||||
|
- systemctl mask ssh
|
||||||
|
- Close down template
|
||||||
|
|
||||||
|
Now the ssh service will **NOT** start in qubes based on this template.
|
||||||
|
|
||||||
|
Where you **DO** want the service to run, put this in /rw/config/rc.local:
|
||||||
|
|
||||||
|
systemctl unmask ssh
|
||||||
|
systemctl start ssh
|
||||||
|
|
||||||
|
Don't forget to make the file executable.
|
||||||
|
|
||||||
|
|
||||||
|
###Unattended Upgrades
|
||||||
|
|
||||||
|
Some users have noticed that on upgrading to Stretch, the unattended-upgrade package is installed.
|
||||||
|
|
||||||
|
This package is pulled in as part of a Recommend chain, and can be purged.
|
||||||
|
|
||||||
|
The lesson is that you should carefully look at what is being installed to your system, particularly if you run dist-upgrade.
|
||||||
|
|
||||||
|
|
||||||
|
###Contributing
|
||||||
|
|
||||||
If you want to help in improving the template, feel free to [contribute](/wiki/ContributingHowto).
|
If you want to help in improving the template, feel free to [contribute](/wiki/ContributingHowto).
|
||||||
|
|
||||||
More information
|
More information
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user